From fe9285872799ce8d370c6a4945d03e89945cfdfa Mon Sep 17 00:00:00 2001 From: Viktor Farcic Date: Fri, 12 Jun 2026 20:58:51 +0000 Subject: [PATCH] fix(deps): bump @grpc/grpc-js to 1.14.4 for GHSA-5375-pq7m-f5r2 and GHSA-99f4-grh7-6pcq Resolves two high-severity @grpc/grpc-js advisories flagged by the Security Analysis (better-npm-audit) CI step, which currently block all PRs. Verified locally: better-npm-audit passes and the build succeeds. Co-Authored-By: Claude Opus 4.8 --- package-lock.json | 9 ++++----- package.json | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 408d0969..e44e69b1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,7 +16,7 @@ "@ai-sdk/openai": "^3.0.41", "@ai-sdk/openai-compatible": "^2.0.35", "@ai-sdk/xai": "^3.0.67", - "@grpc/grpc-js": "^1.14.3", + "@grpc/grpc-js": "^1.14.4", "@grpc/proto-loader": "^0.8.0", "@kubernetes/client-node": "^1.3.0", "@modelcontextprotocol/sdk": "^1.27.1", @@ -932,10 +932,9 @@ } }, "node_modules/@grpc/grpc-js": { - "version": "1.14.3", - "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.14.3.tgz", - "integrity": "sha512-Iq8QQQ/7X3Sac15oB6p0FmUg/klxQvXLeileoqrTRGJYLV+/9tubbr9ipz0GKHjmXVsgFPo/+W+2cA8eNcR+XA==", - "license": "Apache-2.0", + "version": "1.14.4", + "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.14.4.tgz", + "integrity": "sha512-k9Dj3DV/itK9D06Y8f190Qgop7/Ui+D0njFV3LHMPwPT75DpXLQohE9Wmz0QElrJnzsjB7KPWiKJbOl7IPDArQ==", "dependencies": { "@grpc/proto-loader": "^0.8.0", "@js-sdsl/ordered-map": "^4.4.2" diff --git a/package.json b/package.json index f71bfe1c..2e92596c 100644 --- a/package.json +++ b/package.json @@ -115,7 +115,7 @@ "@ai-sdk/openai": "^3.0.41", "@ai-sdk/openai-compatible": "^2.0.35", "@ai-sdk/xai": "^3.0.67", - "@grpc/grpc-js": "^1.14.3", + "@grpc/grpc-js": "^1.14.4", "@grpc/proto-loader": "^0.8.0", "@kubernetes/client-node": "^1.3.0", "@modelcontextprotocol/sdk": "^1.27.1",